Everything posted by MilanBortel

  1. Hi @StanAsterisque, I have no info about this being a known issue.. To be honest, as with any other AV vendor, there are typical scenarios we deal with - Kaspersky is blocking this and that.. Kaspersky thinks this is a malicious app, but it’s not - it is our internal tool … so of course, we have to be able to work it out somehow 🤕 To resolve this, I’d recommend simple test - let KSWS run on the affected server, but use policy settings to switch off/on one module after other and see if the CPU usage has decreased or not.. In other words - try to identify which component/task might be the cause.. Once we know the specific module, then we can optimize the policy, you know.. 🤓 Cheers, Milan
  2. Hi @StanAsterisque, what products/versions are you using? Did you install Kaspersky Security for Windows Servers on those hosts? That’s the recommended version on server OS. I’d start with that 🤠 Cheers, Milan
  3. Hi @rinnofer, it might be interesting to see what policy was active on this specific host. Can you share with us? Do you have password protection enabled for KES operation? And also for Network Agent? These are crucial settings. If you personally can turn off KES on the server, then the attacking malware can do the same. Not being KES problem rather the configuration issue 🙄 Let us know! Cheers, Milan
  4. Hi @Kumar_K, well, I think that after restoration of the old KSC backup on the new KSC, there is no further action needed. All the keys will be restored and available. So you will just move all the computers to the new KSC. One more thing came to my mind. On the computers KES stores these encryption/decryption keys also locally, so they could work offline (with no KSC connectivity). And after you move the computers to new KSC, they will sync these keys with KSC if they are missing.. does it make sense to you? 😜 Milan
  5. Yeah, @Kumar_K the option to import Encryption keys IMHO means that the new KSC server would use the old KSC’s master encryption key and thus being able to manage all external encrypted drives. You know, with KSC installation, there are always SSL certificate and master keys for FDE and FLE generated.. However, if you restore the backup from old KSC to new KSC, all the keys and certs will be restored, so I would fear no more.. I think external USB will work just fine with the new KSC 😇 Cheers, Milan
  6. Hi @Kumar_K, when you forget the BitLocker PIN, you have to enter the recovery key: [BitLocker recovery key prompt] This is the MMC interface: [BitLocker recovery key] After successful boot, user is prompted to change the password: [BitLocker Change password prompt] After password change, both recovery key and recovery key ID are updated on KSC side: [KSC - BitLocker recovery key and ID has been changed] If KSC backup has been made prior to this update, I’d assume that the new recovery key won’t be available after restore in new KSC.. haven’t tested that scenario, though. So, my recommendation - the migration process should take place either over night or during weekend, where the risk of this inconsistency would be minimized. Anyway, you can run both old and new KSC for few days after migration and keep backups to be able to restore access to encrypted drives if that occurred during the migration process. I believe that you do have documentation of this, right? To be able to say which user has asked for which recovery key at what date/time.. 😀 Cheers, Milan
  7. Hi @Kumar_K, from my experience it works fine. I personally did it this way: (1) back up old KSC; (2) install new KSC on new host; (3) restore backup from old KSC (after this step, all encryption/decryption keys are present on new KSC); (4) reconnect all hosts to new KSC (change administration server task or reinstall Network Agent with new connection settings) [Change Administration Server task]; tadaaaaa 🤠 Let us know, if you have any further questions. Cheers, Milan
  8. Thanks, well.. maybe it’s a good idea to use KSWS instead. This product is tested on servers, more suitable than KES (this is meant to be used on personal OS) 🤡 Anyway, let us know the outcome from support, it is always interesting to see how the troubleshooting worked out :) Cheers, Milan
  9. Hi @osama.mansoor, you don’t say what security product you have installed on the server? It’s either the KES (https://support.kaspersky.com/kes11) or KSWS (https://support.kaspersky.com/ksws11). Let us know, so we can assist you more effectively 😎 Cheers, Milan
  10. Hi @apts, can you share your KES policy with us? I suppose you don’t have the firewall rules set up correctly 🤠 Cheers, Milan
  11. Hi @chaibou, can you check, if on the target host is the encryption component installed? (1) open device properties; (2) go to applications, select KES and open properties: [Device properties → Applications → KES Properties]; (3) switch to components and check the Status: [KES Components] Can you share printscreen with us? It may help to track the cause.. Cheers, Milan
  12. sorry, it will be better the first article, you don’t need to change the tracing level … [Trace files using registry keys] Cheers, Milan
  13. Hi @MunirOmar, maybe you can check your registry keys → we can turn on/off trace files directly in registry 🤠 Follow instruction nr. 5) in this article: [Trace files using registry keys] Then delete the log file and see if it’s recreated again. Good luck, Milan
  14. Hi @MunirOmar, thanks for clarification. Firstly, I’d recommend to use different Kaspersky product for servers (KSWS), as it’s designed and tested for that OS type. See this link for more details. If you want to stay with KES, I’d try to pause protection for that host (via console or locally from system tray): [KES → Pause protection] When it’s paused, delete that log file, then enable protection and see if that log file is recreated again.. 🤓 Cheers, Milan
  15. Hi @a.suljevic, I tested the upgrade from KSC12 to KSC13.. it went ok, without any problems.. But according to discussions here in community and some other info I’d recommend for you to wait with upgrade until first patch “A” is released. It’s like with every other software new releases, you know 🤓 Cheers, Milan
  16. Hi @MunirOmar, what security product did you install? In your screenshot I can see a file called KES.11.3. … so, I assume you installed Kaspersky Endpoint Security for Windows on your server? Did you recently try any troubleshooting using Remote Diagnostics? You could have left the traces ON.. [KSC Remote Diagnostics Utility → traces] Cheers, Milan
  17. Hello @mhoude, I believe it is possible 🤔 What type of license do you have? The minimum for my scenario is Kaspersky Endpoint Security for Business - Select (more on licensing here). First, you need to install Kaspersky Security Center (administration server), you must have SQL server installed beforehand. See details on installation in online help. You can use either MMC console or web console, whatever suits you best. Second, you will install Kaspersky Network Agent on every computer in the company (which is responsible for communication between hosts and server). Don’t worry, there are automated remote installation tasks, you won’t have to go one by one any more. After Network Agent is installed, devices become “manageable” - you will see them from the console. More details in online help. Third, you divide computers to management groups and create policies for each product (Network Agent, Kaspersky Endpoint Security for Windows, Kaspersky Security for Windows Server, ..). See more about policies in online help. Let us know, if you need any further help 🤠 Cheers, Milan
  18. Hi @Dolomite, I’d recommend to read this article to fully understand the FW management in KSWS. It’s not that straightforward. In my environment, we kept FW management based on GP and did not install FW management component on servers.. Let me know, if you need any further assistance 😉 Cheers, Milan
  19. Hi @AlexandreVsr, from my experience the easiest way is via automatic installation. (1) set up the uninstallation password in installation package: [Network Agent installation package Properties → Settings]; (2) create group for “migration” and go to properties, select the package: [Group Properties → Automatic installation]; (3) automatic installation task is created: [Automatic installation task]; (4) you can update properties, if necessary: [Automatic installation task Properties → Settings]; (5) then simply move computers to this group and that task will take care of the job 🤠 Let us know, if it worked for you 😜 Cheers, Milan
  20. Hi @MR_DWW, I want to record a video tutorial with KSC + MySQL DB installation, but didn’t have time yet :( But there is one answer crystal clear: 3. No, you can only use one DB with KSC. And unfortunately you cannot “change it later” .. If you want to change DB provider, you need to reinstall entire KSC. But you can backup/restore data, at least.. Will try to record the video soon, but can’t promise.. f-ing pandemic lockdown :( Cheers, Milan
  21. Hi @KP Holland, to be sure of your server compromise, I’d recommend to check IOC’s using script released by Microsoft. You can read more at https://www.arnnet.com.au/article/686750/microsoft-releases-script-spot-exchange-server-zero-days/ Get back to us if you know the result 🤠 Cheers, Milan
  22. Hi @ak01 and @stojan, based on online help, you are doing it the proper way - using masks should be supported (see online help). If it doesn’t work, you may have to submit a ticket via companyaccount and let support engineer take care of it :) Cheers, Milan
  23. Hi @SnowyCanada, you can always download key file based on your activation key from Kaspersky website: [Kaspersky → claim the key file] See more at this article. Let us know if it helped :) Cheers, Milan